The days of using a simple word, a single character, or a blank as a password are gone. Today, easy passwords can be cracked or guessed within minutes. Since the information on your computer is precious, you need to protect it as much as you can. This guide will help you create solid passwords that act as a roadblock for intruders who are trying to break into your computer.
- Length – The number of characters in your password is very important. The recommended length is at least seven characters. The reason is that a three-character password such as fgy can be guessed by an intruder much faster than a seven-character password.
- Strength – The strength of a password refers to its complexity. In other words, can anyone guess what your password is? For example, if your computer account is janedoe and your password is janedoe or JaneDoe, an intruder can easily try it and succeed in logging into your computer. You should not use words that can be traced to you, such as your address, pet's name, spouse's name, surname, or nickname, to name a few.
To strengthen your password, the recommendation is to use a mix of special characters, numbers, and letters. Special characters are !@#$%^&*()_+{}. Here are a few examples of stronger passwords: uRkn2T@ or R24Real? or Yc@nU95.
- Keywords – Most people are familiar with creating simple temporary passwords for new employees or other trusted people, with the intent of allowing them to change the password at a later time. Passwords like abc123 and 567fgh were commonly used. Now, you should break this habit. These passwords are almost like not having a password, because intruders have programmed these words into the software they use to guess passwords. The recommended practice is to assign a strong password from the beginning so that the new employee or trusted colleague will also follow your lead.
- Longevity – How long should I keep the same password before I need to change it? The longer you use the same password, the higher the risk of an intruder breaking into your computer. Why? The intruder will have all the time in the world to keep trying to guess your password because you never changed it. Please see the estimated times for cracking your password below.
While some of the times are long, you must remember that intruders are relentless and will not give up easily, especially if they really want to get into your computer. The recommended time to keep a password will vary depending on how secure your computer needs to be. This is usually dictated by a departmental policy. A computer that requires high security should have a shorter life span for passwords, for example 30 days. A computer with normal security should have about 45 days.
- Historical – It is not a good practice to create four or five passwords and switch between them every time the computer reminds you to change your password. It would defeat the purpose of having a life span for the passwords. For example:
start – my password is Tr*2catchmE!
45 days later – I change my password to U#can’tGetIN%
45 days later – I change my password to Wht$Up23&
45 days later – I change my password back to the starting password Tr*2catchmE!
Do not just add on more characters to your existing password such as Tr*2catchmE!456. If the intruder guessed the first part of the password, they would just need to guess the last three characters.
Be creative. You should not recycle passwords! This is one resource that you are allowed to waste.
- One for All – Keeping track of passwords for different accounts can be difficult. It is very convenient to create one strong password and use it for all your accounts: your credit card company website, your home Internet service provider, your work computer, or your personal email accounts like Hotmail or Yahoo. This is a bad habit and you should never do this. Let’s say that you have 14 accounts with a variety of Web sites or email sites. An intruder breaks into one of the companies that offer these services. The intruder now has your password for all 14 accounts and will have an easy time gaining access to those accounts. The recommended practice is to have a different password for each account. This means that you will have 14 different passwords if we use the previous example. This way the intruder will not be able to take over all of your accounts.
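The Length, Strength and Historical rules above can be enforced when a password is changed. The following check is an added example, not part of the original guide; the function names, the message strings and the choice of salted PBKDF2 hashes for the password history are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SPECIALS = set("!@#$%^&*()_+{}")  # special characters listed in the guide
MIN_LENGTH = 7                     # the guide's minimum length

def hash_password(password, salt):
    # History is stored as salted PBKDF2 hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_history(old_passwords):
    # Build (salt, hash) records, as a system would at each password change.
    records = []
    for old in old_passwords:
        salt = os.urandom(16)
        records.append((salt, hash_password(old, salt)))
    return records

def check_new_password(account, new, current, history):
    """Return the list of rules the new password breaks (empty means it passes).

    current is the plaintext the user typed to authorise the change;
    history holds (salt, hash) records of earlier passwords.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isalpha() for c in new) and any(c.isdigit() for c in new)
            and any(c in SPECIALS for c in new)):
        problems.append("needs letters, numbers and special characters")
    if account and account.lower() in new.lower():
        problems.append("contains the account name")
    # Catches the Tr*2catchmE! -> Tr*2catchmE!456 pattern.
    if current and (new.startswith(current) or new.endswith(current)):
        problems.append("extends the current password")
    if any(hmac.compare_digest(hash_password(new, salt), digest)
           for salt, digest in history):
        problems.append("reuses an earlier password")
    return problems

if __name__ == "__main__":
    # Constructed sample data based on the passwords used in the guide.
    history = make_history(["Tr*2catchmE!", "Wht$Up23&"])
    for candidate in ["fgy", "JaneDoe", "Tr*2catchmE!456", "uRkn2T@"]:
        print(candidate, check_new_password("janedoe", candidate, "Tr*2catchmE!", history))
```

Because the history holds only hashes, the "extends the current password" rule can be checked only against the password the user has just typed to authorise the change, not against older ones.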
This guide was created to make you aware of the consequences of using weak or blank passwords, not to make you paranoid. Remember that your password is the key that unlocks your computer, comparable to a car key unlocking your car door. Creating a strong password is one of the easiest security tools for keeping your computer and information safe.
Created: Tue, 13 Feb 2007 3:35pm
Modified: Thu, 08 May 2008 1:42pm